Posted
by
ScuttleMonkey
on Monday May 22, 2006 @05:25AM
from the gosh-we-didn't-think-of-that dept.

An anonymous reader writes "After approving the sale of IBM's PC Division to the Chinese Corporation Lenovo, the US Government has realized China could bug Lenovo PCs destined for US Government customers. Would the US have done the same to China? With American businesses so eager for business in China no matter what, where are we headed?"

While I have no doubt that the US & China spy on each other constantly:

But after angry objections from the US-China Economic and Security Review Commission, a bipartisan panel of experts appointed by Congress, the department opted this week to pull the computers from the network. [emph mine]

I really do have to ask. Is the US-China Economic and Security Review Commission really unaware that the vast majority [com.com] of PCs (including Apple, dell, hp, gateway, etc) are manufactured (or at least part manufactured) in China?

I find it hard to believe that they don't, so this punishment is not for the computers being manufactured in China, rather for the company not being US owned anymore. In other words, it's fine for the Chinese to do the manufacturing, but it has to be Americans making the real money (and again, this sort of chauvinism is pretty common & not unexpected, but it would be nice for the US to be a little more honest about its motivations).

It's not like the US government has exactly been leading the way on demonstrating restraint with respect to bugging.They bug everyone calling into and out of the US. They keep aggregate data for the purpose of dragnetting the stuff later for evidence of links to terrorism.They even bug members of the United Nations ( not that I have a great deal of respect for them, but still... at least most other people do ).Why wouldn't they bug China. And yes, why wouldn't China bug the US.It's an insane system. A paranoid, power-hungry system.

He suspects everyone else is a thief... or atleast a potential thief. Why would the US fear Chinese 'bugs' in Lenove PCs? And if indeed the fear is valid, then why was IBM allowed to contract it's manufacturing outside of the US, and in particular, China? If laws could be framed to control export of things like encryption etc, why not h/w manufacturing as well? So many jobs could be kept within the US.....

Earlier this year the Bush administration was very disappointed as they weren't able to sell your harbours to an Saudi company because of the senate's fear of terrorism but are afraid of computers manufactured and _owned_ by a Chinese company.

Using the chinese as manufacturers on the other hand, that's all right since the money goes to US companies.

A huge proportion of computer hardware is manufactured in China and has been for years, not to mention countless other things... What's to stop the Chinese from sending bugged components instead of full machines?

However it raises an interesting point, it's much easier to hide back doors in software, so by this reckoning china should ban the use of american software... If this started happening, i`m sure microsoft would make it's pet government back down.

Americans have a hard time adjusting to the fact that the computer world doesn't revolve around them anymore. It's a general problem right now that American companies will not buy software and hardware from companies not perceived to be American.In many ways it's just like the automobile industry in the 70's and 80's

America may be a mess, but it's not like China is a shining example of how to run a country. Your country sucks just as much as mine, and probably more so.

At least I can say America is a mess without worrying about a knock on my door from the thought police. America may be poorly mistreating those captured on the war on terror, but at least we don't have "strike hard" campaigns where our own citizens are sentenced to death in stadiums and executed minutes later. And there may be much class inequality in America, but from what I understand, it's the same in China (and everywhere else). At least our system is supposed to work that way. We may have sided with some real bastards in the Middle East in the early 1980's, but China's the one blocking action against everyone's favorite nascent nuclear theocracy in the UN Security Council.

America has been at the forefront of innovation for centuries, while China is poised to become an economic superpower simply by virtue of its huge numbers of people, importing Western ingenuity and cranking out cheap imitations. But I guess someone has to make our Happy Meal toys.:)

So seriously, shut the fuck up, Chinese guy. You have no right to talk.

The Venetian Empire was constantly threatened by the Turkish Empire...but their traders just couldn't resist doing business with the vast expanse of Asia Minor. And the long term outcome? Venice lost.

Interestingly Dubai looks like its ruler is consciously aiming at becoming the next Venice, and his relations with the US are going the same way (trying to obtain harbours in the Turkish empire==trying to buy ports in the US).

The parallels are considerable. Venice relied on seapower and built the greatest manufacturing business in the world - the Arsenal, which employed 16000 men and could turn out three ships a day at its peak. But when it tried to rely on dominating trade and took its eye off manufacturing and naval power, it went into decline. The current US emphasis on creating a world of "intellectual property" and slowly de-emphasising manufacturing is not a good long term trend, at least for the US. Look at the UK, which is now a very third class power dependent on managing financial flows.

It looks like Marx was right; US capitalism may be destroyed by the internal contradictions, in that the interests of capitalists are contrary to the security of the country. Meanwhile, China while claiming to be business friendly is using Lenin's approach of using capitalism against itself.

America may be poorly mistreating those captured on the war on terror, but at least we don't have "strike hard" campaigns where our own citizens are sentenced to death in stadiums and executed minutes later.

Why the emphasis on "your own citizens"? Surely summary execution is bad regardless of whether the victims are citizens of the country in which it takes place or not? Are you saying you would have no problem with the US government rounding up foreigners and shooting them dead, as long as it leaves its citizens alone? Boy, what an admirable sentiment.

And there may be much class inequality in America, but [...] at least our system is supposed to work that way.

It is? The country that's supposedly founded on the self-evident truth that all men are created equal, is "supposed" to have class-based equality? I thought the American dream was that everyone had an equal opportunity to succeed based on their own talent and hard work. Giving greater opportunities to the children of the rich, while condemning the children of the poor to substandard education and bad jobs, is not what America is "supposed" to stand for.

So seriously, shut the fuck up, Chinese guy. You have no right to talk.

Wait, you're saying that because the Chinese have no right to freedom of speech in their own country, they should be denied it in America too?

They say they want democracy in the Middle East, but when there is democracy in the Middle East, they don't respect the outcome (Hamas).

Bullshit. Holding a democratic election does not absolve you of responsibility for the outcome. If "the People" want Hamas to run the P.A., they will have to live with the consequences of that decision. The rest of the world is under no obligation to underwrite the operations of a group of terrorists, whether democratically elected or not.

This could become a case of chickens coming home to roost with China and other U.S competitors and adversaries using the TCP (Trusted Computing Platform) [cam.ac.uk] to have a back door to computers they produce and which are sold to businesses and governments all over the world.

All they need to do is to make note of the keys or signatures from the TPMs(Trusted Platform Module) [infineon.com] that are embedded in every modern PC.

In fact this illustrates the greatest challenge of TCP based DRM. Who will be the key escrow / signing authority in a world where China, Russia and India increasingly shun away from U.S centered IT solutions.

Not necessarily. Bugs can be designed to be passive, and nearly undetectable. Information can be leaked via intentional flaws in the shielding and filtering. Covert information channels can be very subtle and difficult to detect. They aren't going to stuff a bunch of bytes in a packet and ship it off to hq.pla.cn.

But here's the thing -- noone acts as if China are doing particularily well in these areas, neither do China currently act as "world police", waving the banner of freedom and democracy, and claiming to be chief protector of those values.

For that matter, China doesn't even particularily seem to care if other countries ignore human rigths.

When you go out in the world, invade other countries, wave the banner of freedom and democracy around, it is to be excepected that people will be bothered by this "image" and see it as fake when they're confronted by stuff like Gitmo.

There are (lots of!) places worse than Gitmo in China, no doubt about it.

But the thing is, like you say, US citizens are free to protest Gitmo. They're even free to toss out those politicians responsible for trampling americas reputation in the mud. Yet they do not. To me that's a mystery.

Most americans I know are *proud* of their freedoms. Consider human rigths *important*. Want the world to have more freedom and less torture, less inhumane punishments, less repression, less people in jail without a fair trial. That's why I don't understand why you tolerate such abuses from your own government.

At last: "We may be bad, but atleast we're better than China" is true. But it makes you wonder, doesn't it ? If you have to compare yourself to *China* to come out the winner, just how deeply have you sunk ?

Sure, you're not alone in refusing to sign the convention on childrens rigths, you share that honor with Somalia. That give a warm cuddly feeling ?

The thing is, I don't get it. I'm absolutely positive, if you where to read the declaration
(available here [ohchr.org]) for the US public and ask if they're in favor or not, literally 95% (or more) would be in favor, and you're a democracy, so I don't understand why you don't demand your government gets with the program.

I'm totally ashamed of my government's actions. I can't think of a single good idea that's come out of Washington in the past five years. I'm a registered Democrat; I vote in every election, and I donate money to politicians in every election cycle. Short of armed revolt, I don't see what more I can do.

But hearing things like "the world spits on America" makes my blood boil. I love my country, and I'm proud of (most of) its history. Blaming all Americans for the poor decisions our government makes is no different than blaming all Muslims for the activities of al-Qaeda.

True enough, the whole suggestion of PC bugging is almost funny. If the Chinese were to bug every single computer that gets assembled in China just on the off chance that it happens to end up in a secret US.Govt facitlity they would leave a footprint so large that the operation would be blown wide open pretty quickly. How many amateurs and computer engineers are there around the world picking their computers apart? One would expect such a scam to be discovered pretty quickly. Besides that how are the Chinese going tell which of the tens, if not hundreds, of thousands of computers the US.Govt buys end up in secret facilities. Do the computes phone home? Do they have self activating bugging devices that phone home (through how many layers of firewalling and network security?) when they some how automatically detect that they are in a US Govt facility? The whole suggestion of the Chinese bugging computers wholesale is ridiculous. That leaves us with the possibility of a sophisticated Chinese sting operation that uses the Lenovo distribution network to spike only those computers Lenovo and its distributors (distributors which would have to be staffed by the Chinese intelligence) know are likely to be destined for sensetive facilites. That would minimize the likelyhood of the scam being discovered unless US intel started randomly sampling computers and checking them for bugs but it still seems collossally impractical. If I were Chinese intelligence I would stick to working the most vulnerable part of any US.Govt operation. I would, for example, look for that inevitable disappointed, bored out of his skull, stuck in a dead end career pencil pusher and bribe him/her. It has worked in the past and it will work today. There have to be a thousand more practical ways of spying on the US than bugging computers.

True. Probably the majority of electronics (not just computers) seem to be sporting the "MADE IN CHINA" sticker these days. But the difference between, say a Lenovo computer and an HP computer, is that while the HP may be made in China, it is an American company, and you have to assume they have some kind of oversight of their manufacturing plants in China and would be looking out for things like employees planting bugs in computers. Lenovo has no such interest since it is based in China and is answerable only to the Chinese government in terms of breaking any laws. If HP allowed their computers to be bugged, they'd have major legal troubles back home in the states, so they have an incentive to make sure that their computers do not have bugs (the snooping kind, not the programmatic kind). It really is splitting hairs, I'll give you that. But there is a small question of incentive. The Chinese government can put pressure on Lenovo and Lenovo would have to accede to that pressure because they are a Chinese company, whereas the Chinese government would know better than to explicitly ask HP to start bugging their machines, and there should be some representative from HP at the plant to make sure that no funny stuff is going on. Personally, I wouldn't mind buying a Lenovo PC. I like ThinkPads and I like some of the improvements that Lenovo has made to them. But if I still worked in government or if I did work on my computer (I only work from my company-provided laptop, which is a Dell-UGH!), I might have to think twice about it.

Having a link in the uber-parent to one of Chomsky's endless rants against the United States strikes a terrible blow to the overall seriousness of the issue at hand.

My thoughts exactly, more so if you notice that his essay is dated 2003 and is about the Middle East situation, it has absolutely nothing to do with the USA government using computers made in China other than stating Chomsky's opinion that the USA has an interventionist foreign policy. In the context of this discussion, that link is 80% off-topic, 20% flamebait.

Chomsky is a crackpot, is trained in linguistics, not geo-politics, political theory, et al,

I wouldn't go that far, things like geopolitics and political theory aren't that much a science to need anyone to have a formal training before discussing them. If it were so, democracy would be impossible.

Noam Chomsky is a person whose mindset was frozen in the 1930s, as shown by the way he quotes "perhaps, enable the administration to accomplish its goal of rolling back the New Deal", a description that was already obsolete when first made in the 1980s.

It's funny how some people defend FDR's New Deal but fail to mention LBJ's Great Society plan, which came 30 years later and has a lot more relation to the current situation. This bias is probably due to something that has absolutely nothing to do with social policy: FDR was involved with WWII and participation in that war was well accepted by the population, differently from LBJ's Vietnam.

No, you're not familiar with your countries history, if you were, you would not have said:

We may have sided with some real bastards in the Middle East in the early 1980's, but China's the one blocking action against everyone's favorite nascent nuclear theocracy in the UN Security Council.

When it is perfectly clear to most of the world, that America is still supporting some real bastards in the middle east (not to mention an illegal nuclear power).

Chances are you live in a country whose system of government is based on the one we first implemented. I'd also imagine you're enjoying not living under a Kaiser or a Fuhrer, something for which the United States is largely responsible.

1) The first democratic country was New Zealand. [ipu.org] Prior to that, there was no democratic nation (as less then 50% of the population could vote).

2) I live in a country that's enormously grateful for the Marshall plan, no doubt about it, that was a good thing for the world (thanks to your grandfather's generation)

3) Why do you have to bring up WWII? 'cause you have not fought any wars where you were clearly in the right since?

The OP said something that I found offensive about Americans, while quite clearly trumpeting his association with China. I felt obligated to point out the hypocrisy there. That's where the China connection came from.

Incorrect. The OP said something that you found offensive about Americans, and you looked at his website and jumped to the conclusion that he was chinese. You couldn't attack his argument, so you attacked what you thought he was instead.

Ok, first of all for a bugged machine to communicate with its makers it would need some conduit to send its data. Since China is on the other side of the world any RF emissions can probably be ruled out, besides, the machine has got to be FCC certified to be sold here and if it were really RF-noisy, it wouldn't pass compliance.

This leaves network traffic. Now I really hope there aren't many machines that stradle classified networks and unclassified networks. Real, physical separation could guarantee no crosstalk between classified and non-classified systems. A while back I recall some discussion that VMWare was being used to virtualize systems of different classifications, so maybe this is not the case anymore. Nevertheless, a firmware bugged system would have to report home, and any self-resperting network admin _should_ be able to notice periodic network connection attempts to its destination, especially in a very controlled enviroment where arbitrary tcp/ip connections just aren't the norm.

This leaves the approach of using stenographic techniques to attempt to hide important data in files that the Chinese would hope to become declassified and published. Talk about hit and miss, not to mention the processing power and overhead such a scheme would take, but this is about the only way out I can think of this morning before my coffee. The firmware could be looking for keyword triggers, record big blocks of text around the keywords found, then embed in numerous other documents in hopes to leak it. Talk about a crapshot, but maybe it is worth adding to a paranoid agency's list of things to watch for.

Sorry, but democracy didn't start with womens' suffrage. (Furthermore, your assertion that a country of 100 people immediately becomes a democracy as soon as the 51st person gets the right to vote seems rather silly.) You can trace the roots of democracy back thousands of years, of course, but the fact remains that the first system of government to belong to that family of modern liberal democracies was founded here, in the mid- to late 1700's.

In the small world in which we live today, is any country not guilty of associating with at least one government you don't approve of? I don't like our association with Saudi Arabia. I don't like our war in Iraq. I don't really like much of anything we've done this century. But most Americans aren't directly responsible for that, and most of us would never have supported the invasion of Iraq in the first place had we not been flat-out lied to by Bush.

The OP made a rude generalization about Americans (i.e. the people, not the country). As such, I don't think his background is outside of the scope of the argument, and (aside from that Happy Meal comment, which you have to admit was kind of funny), I don't think I stepped outside of the boundaries of acceptable discourse. I wasn't defending the actions of the Bush administration at all.

And unless you're wearing clothes made in your local village, eating only locally-grown food and working for a small, local business with no connections outside your country, you're also complicit in a lot of this. Does your government have trade relations with the United States? Why haven't you done something to stop them? You're responsible for what they do, after all.

Muslims don't vote for al-Queda, nor do they, en masse, continue to support them with campaign contributions.

Moreover, as an American, I must point out that its a little silly to be proud of America's history. The US has done a lot of very bad things in its history, specifically the genocide of the native people and continued intervention into the affairs of Latin America. Being a proud American, thus, means either being ignorant of history, or swallowing some of the simpler ideas about fairness, humanity, and democratic freedom. Of course, that is not to say that the latter is that unusual a state of mind for people. Certainly, the Chinese, the Japanese, the British, the French, nor the Germans (or whomever else sees it fit to criticize America as of late), cannot say with a clear conscience that their dark history is any better than ours.

Even if you've got the source code, it won't help you determine if there is remote surveillance embedded in it. That source has to be compiled by a compiler that is controlled by MS. Ok, so lets say you have the source for that. It was compiled by itself, and I'm sure everyone here knows of the paper by Ken Thompson concerning hiding code in a compiler such that it is no longer in the source code.

As Ken Thompson says; "No amount of source-level verification or scrutiny will protect you from using untrusted code."